
Joe Sandbox Class

Deep Malware Hunting and Similarity Analysis!

Joe Sandbox Class makes it possible to hunt for similar malware. Given a malware sample, Joe Sandbox Class identifies all samples that share similar code.

Class reports that contain key information about the common functionality within a malware group enable cyber-security professionals to find and classify new malware variants and to understand the evolution of modern threats.

Joe Sandbox Class is a plugin for Joe Sandbox Desktop, Joe Sandbox Complete and Joe Sandbox Ultimate.

Joe Sandbox Class Explained

Joe Sandbox Class is fully integrated into Joe Sandbox Desktop, Complete or Ultimate.

Features from the analysis report are extracted in the first step of the process. Joe Sandbox Class mainly uses Hybrid Code Analysis as well as Behavior Signature Information in this step. Next, the features are generalized and noise is reduced. A similarity search over all stored features is then executed.

Joe Sandbox Class generates a classification report in HTML, XML and JSON outlining similar samples as well as the shared Hybrid Code Analysis results. In addition, it compiles a detailed graph for a complete malware set.

Joe Sandbox Class output is very useful for finding similarities shared within different malware variants or groups. It can also be used to identify new, never-before-seen samples.

Explore Joe Sandbox Class

Have a look at the classification reports generated by Joe Sandbox Class or contact Joe Security to schedule a technical presentation.

Hybrid Code Analysis Data

Joe Sandbox Class's classification algorithm is based on Hybrid Code Analysis (HCA) results. HCA combines dynamic and static program analysis while retaining such benefits as code completion. For similarity analysis, Joe Sandbox Class uses the complete view of the malware's behavior, including non-executed code.

Scalable

Joe Sandbox Class's classification algorithm is scalable (O(n*m), where n = number of features per sample and m = number of stored features in the database) and can be multithreaded to process enormous amounts of data in a short period of time.

Quick Installation and Setup

Joe Sandbox Class is a plugin for Joe Sandbox Desktop, Complete or Ultimate. Its installation and setup are quick and simple.

Supplementary Analysis Data

In addition to classification reports in HTML, XML and JSON formats, Joe Sandbox Class generates a detailed cluster map in GraphML format.

Flexibility and Customization

Joe Sandbox Class is built as a modular and scalable system with many settings for advanced tuning. With its open SDK, behavior signatures and cookbooks, it supports advanced use cases that serve organizations' specific needs. Joe Sandbox Class supports multiple analysis machines with different applications/versions installed.

Additional Support, Maintenance and Consulting

Joe Security provides excellent services, such as system installations, training, maintenance, customization and expert knowledge, as a supplemental package to Joe Sandbox Class.

Class 2.0.0, 29/08/2018. Analysis Report: APT28/Grizzlybear related sample. MD5: f0309aa0519ee70c29bbb471352781e7

Class 2.0.0, 29/08/2018. Analysis Report: Malicious RTF using CVE-2018-0802. MD5: 15a43d4c8ae9592ee06a410c58311e35

Class 2.0.0, 29/08/2018. Analysis Report: Gozi ISFB Banking Malware. MD5: e2476ed98a57bbb14f45fd1e04d4c43c

Class 2.0.0, 29/08/2018. Analysis Report: DarkComet RAT. MD5: cd1974c09f7171e19634de0e00d7efb7